4 matches found
EUVD-2022-6363
Malicious code in bioql PyPI...
CVE-2022-31179 Insufficient escaping of line feeds for CMD in shescape
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...
Carriage Return And Line Feed (CLRF) Injection
shescape is vulnerable to carriage return line feed CRLF injection. User provided data for Powershell and cmd.exe on Windows systems are not escaped sufficiently, allowing an attacker to input a line feed character '\n'...
GHSA-JJC5-FP7P-6F8W Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
Impact This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character '\n' in the payload. Example: javascript import cp from "node:childprocess"; import as shescape from...